Comments (4)
We have successfully used ActiveDirectory, Red Hat IDM/389/OpenLDAP and cloud services like JumpCloud for authentication in QIS. We also spent quite a bit of time working on a solution to automatically secure images to one (or more) known users but that was a couple of years ago. This was for users to upload images of their high value works of art and to then control which other users they would let see the image.
I will have a hunt through the code and documentation to see what I can find of this work and will let you know.
from qis.
As fair as I know Keycloak only has capabilities federate user from ActiveDirectory and LDAP, but does not acts as a source for other systems. Hence, my idea to use OpenID connect.
from qis.
Project lead coder fozcode has spent some time on OpenID Connect on another project. It's based on OAuth 2, the standard that one of the original designers resigned from because industry pressure made it too complicated to implement safely.
But the gist of it is that you authenticate with a 3rd party and the 3rd party gives you 3 tokens, one saying who you are, one saying what your application permissions are (defined on their side), and one for renewing the tokens before they expire.
QIS would need something like we already did here:
#27
Whereby if they're not authenticated we redirect away to the 3rd party login page, and that redirects back to QIS with the tokens. QIS would then need to check the 3rd party tokens for expiry as part of its middleware, and have a link between the 3rd party token and its own user database, e.g. with the username or email address embedded inside the token.
Is this the sort of thing that you are thinking about?
from qis.
Hi Roland, yeah that sound about right to me.
The redirect flow would not be need in our case where our React frontend would only talk to the QIS REST API. Instead of getting a token from QIS the frontend would come with an OIDC auth token right away. However I could Imagine this would be needed you one would want to use a OPID Connect based IDM to kinda not use the QIS own user management at all.
Best, Martin
from qis.
Related Issues (20)
- API - don't return deleted records by default HOT 1
- Remove the user objects from Portfolios API HOT 2
- API - add a way of retrieving portfolio by human ID
- API - image object occasionally contains a history field
- Images with GPS - the Google map is broken HOT 1
- Try out the app in "Play with Docker"
- API - portfolio image reordering returns old value of order_num HOT 1
- API docs - clarify POST data vs query string parameters
- Itsdangerous - upgrade past v1 HOT 2
- Base image detection for tiles sometimes seems to fail HOT 1
- README - producing a byte string
- Converting colours to transparency
- Contrast adjustments
- Improve the Docker deployment
- Error running docker setup on Ubuntu HOT 6
- No module named 'encodings' HOT 10
- How to configure the image max file size? HOT 15
- .
- Delete uploaded image HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from qis.